Radio Frequency Credit Cards Proliferating Security Risk?

DENVER (CBS4)– Millions of credit cards, known as radio frequency identification cards, are emitting radio signals, giving away what some security experts say is crucial information that could allow an electronic pickpocket to steal your credit card information without ever laying a hand on you.

“It’s so inexpensive, so difficult to get caught I actually think there is more fraud going on with this than any other way,” said Walt Augustinowicz.

Augustinowicz owns a company that manufactures products to prevent electronic pickpockets.

“I do think it’s a real big threat. It’s easier to do this than all the other ways of skimming credit cards,” said Augustinowicz.

An estimated 200 million credit cards have been distributed that are embedded with a tiny microchip that sends out a signal with your card information and millions more such cards are on the way.

The signal is meant to be read by scanners in stores that keep consumers from having to hand over their credit cards to clerks and the idea is to make buying products faster and more convenient.

But the same signal that is meant to be read by store scanners can also be intercepted by anyone with a few hundred dollars of simple electronics that can be purchased on the internet.

That’s what Augustinowicz did in a demonstration he did for CBS4.
Armed with the same kind of electronic reader used by merchants, Augustinowicz walked up and down Denver’s 16th Street Mall, repeatedly getting people’s credit card numbers and expiration dates just by passing his concealed scanner near people’s wallets and purses.

They claim to have installed added security technology both on the RFID cards and in the processing network to prevent fraud. Some credit card issuers maintain that electronic skimmers like the ones Augustinowicz uses for his demonstrations can’t detect the three digit security code on the back of the cards which are necessary for lots of transactions.

Augustinowicz counters that for many transactions, lots of merchants don’t bother to ask for the three digit security code.

The U.S. government issues identification cards and ePassports with RFID tags similar to credit and debit cards. Those too are said to be vulnerable to theft and cloning attacks as are other forms of identification with embedded microchips.

Augustinowicz says his company is a major supplier of badge holders to the U.S. government to keep their RFID cards and badges shielded.